Domain Analyzer - Analyze The Security Of Any Domain By Finding All the Information Possible

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.

How

Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresses, emails on Google, SPF information, etc. After all the information is stored and organized, it scans the ports of every IP found using nmap and performs several other security checks. After the ports are found, it uses the tool crawler.py, from @verovaleros, to spider the complete web site of every web port found. This tool has the option to download files and find open folders.

Current version is 0.8 and the main features are:

It creates a directory with all the information, including nmap output files.

It uses colors to highlight important information on the console.

It detects some security problems like host name problems, unusual port numbers and zone transfers.

It is heavily tested and it is very robust against DNS configuration problems.

World-domination: You can automatically analyze the whole world! (if you have time)

Robin-hood: Although it is still in development, it will let you automatically send an email with the analysis information to the addresses found during the scan.

Robtex DNS: With this incredible function, every time a DNS server with Zone Transfer is found, it will retrieve from the Robtex site other domains using that DNS server! It will automatically analyze them too! This can be a never-ending test! Every vulnerable DNS server can be used by hundreds of domains, which in turn can be using other vulnerable DNS servers. BEWARE! Domains retrieved can be unrelated to the first one.
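The "unusual port numbers" check from the feature list can also be run by hand over stored nmap output when reviewing your own hosts. The following is an added example, not code from Domain Analyzer: it assumes nmap grepable (-oG) output, and the sample data, the USUAL_PORTS baseline and the function names are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable (-oG) output, using documentation addresses.
SAMPLE_GNMAP = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (www.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.test)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 8081/open/tcp//http//Apache httpd/\t"
    "Ignored State: closed (997)\n"
    "Host: 192.0.2.25 (mail.example.test)\tPorts: 25/open/tcp//smtp///, "
    "2222/open/tcp//ssh///, 3306/filtered/tcp//mysql///, "
    "5432/open/tcp//postgresql///\n"
)

# Assumption: the ports each service is expected on; adjust to your own baseline.
USUAL_PORTS = {"ssh": {22}, "http": {80, 8080}, "https": {443},
               "smtp": {25, 465, 587}, "domain": {53}}

# Field order of one entry in the grepable "Ports:" list.
PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")
HOST_LINE = re.compile(r"Host: (\S+) \(([^)]*)\).*?\tPorts: ([^\t]*)")


def parse_gnmap(text):
    """Yield (ip, hostname, port, service) for every open port in -oG output."""
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # comments and "Status:" lines carry no port list
        ip, name, ports = m.groups()
        for entry in ports.split(", "):
            f = dict(zip(PORT_FIELDS, entry.strip().split("/")))
            if f.get("state") == "open":
                yield ip, name, int(f["port"]), f.get("service", "")


def unusual_ports(text, usual=USUAL_PORTS):
    """Return (ip, port, service, reason) for open ports that need review."""
    findings = []
    for ip, _name, port, service in parse_gnmap(text):
        expected = usual.get(service)
        if expected is None:
            findings.append((ip, port, service or "unknown", "no baseline"))
        elif port not in expected:
            findings.append((ip, port, service, "service on unusual port"))
    return findings


if __name__ == "__main__":
    for finding in unusual_ports(SAMPLE_GNMAP):
        print("%s port %d (%s): %s" % finding)
```

Filtered and closed ports are skipped, so only services that actually answered are reported.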

Examples

Find 10 random domains in the .gov domain and analyze them fully (including web crawling). If it finds any Zone Transfer, retrieve more domains that use those DNS servers from Robtex!!

domain_analyzer.py -d .gov -k 10 -b

(Very quick and dirty) Find everything related to the .edu.cn domain, store everything in directories. Do not search for active hosts, do not nmap scan them, do not reverse-dns the netblock, do not search for emails.

domain_analyzer.py -d edu.cn -b -o -g -a -n

Analyze the 386.edu.ru domain fully

domain_analyzer.py -d 386.edu.ru -b -o

(Pen tester mode) Analyze a domain fully. Do not find other domains. Print everything to a PDF file. Store everything on disk. When finished, open Zenmap and show me the topology of every host found at the same time!

(Everything) Crawl up to 100 URLs of this site including subdomains. Store output into a file and download every INTERESTING file found to disk.

crawler.py -u www.386.edu.ru -w -s -m 100 -f

(Quick and dirty) Crawl the site very quickly. Do not download files. Store the output to a file.

crawler.py -u www.386.edu.ru -w -m 20

(If you want to analyze metadata later with lafoca) Verbose mode prints which extensions are being downloaded. Download only the set of archives corresponding to documents (.doc, .docx, .ppt, .xls, .odt, etc.)

crawler.py -u ieeeexplore.ieee.org/otherfiles/ -d -v

Most of these features can be deactivated.

Screenshots

Example domain_analyzer.py -d .gov -k 10 -b

Installation

Just untar the .tar.gz file and copy the python files to the /usr/bin/ directory. Domain_analyzer needs to be run as root. The crawler can be run as a non-privileged user. If you want all the features (web crawler, pdf and colors), which is nice, also copy these files to /usr/bin or /usr/local/bin:

ansistrm.py

crawler.py

pyText2pdf.py

If you have any issues with the GeoIP database, please download it from its original source and install it where your system needs it, usually at /opt/local/share/GeoIP/GeoIP.dat